about - Media coverage

“I’d expect Google to challenge the ruling, and we may see the conclusion produce an important test in law that will bring clarity around GDPR implementation for others,” says Matt Walmsley, EMEA director at Vectra.

“The biggest concern about the shutdown is that it would hamper the government’s ability to attract and retain good cybersecurity talent," says Chris Morales, head of security analytics at Vectra. "Private sector cybersecurity jobs pay much more lucrative salaries and benefits, which makes it much harder for government agencies to compete."

The biggest concern of the government shutdown is that this type of instability would hamper the federal government’s ability to attract and retain good cybersecurity talent, according to Chris Morales, head of security analytics at Vectra.

Chris Morales, head of security analytics at Vectra, says NIST would be subject to closure because it's primarily a research and publication institute. He says it might be concerning that some individuals couldn't reach the organization's Cybersecurity Framework, but that document is still available via a direct link.

"Since we have been successful using AI to detect attacker behaviors in real time, someone should ask a team of data scientists to find a way to use AI to detect political misinformation, since there seems to be more than an average person can sort through,” says Chris Morales, head of security analytics at Vectra.

"While these are scary threats, the ability to execute an attack using these flaws is hard," says Chris Morales, head of security analytics at Vectra. "The speed to extract data from system memory is very low and stealing anything more than a simple password could take days or much longer."

"Erosion of confidence in the government could benefit nation states wishing to promote political instability in Germany and it was interesting to see that the members of the right wing AfD party were not reportedly affected," says Matt Walmsley, EMEA director at Vectra.

Data on hundreds of German politicians published online in massive compromise

January 4, 2019

Dark Reading

"There is a history of Russian state sponsored interference and cyberattacks into western democracies, particularly those aligned with NATO," says Matt Walmsley, EMEA director at Vectra. If Russia was the attacker, it would not be surprising if threat actors like the Sofacy group (aka Fancy Bear/APT28) were involved.

“Initial reports say that members of the far-right Alternative for Germany (AfD) party hasn’t been affected so there may be a political motivation in this attack,” says Matt Walmsley, EMEA director at Vectra. “We shouldn’t disregard the work of foreign state actors here either."

"This is just the first of many high-profile breaches we’ll see this year and it serves a powerful reminder that well-resourced, motivated and persistent attackers almost always succeed," says Matt Walmsley, EMEA director at Vectra.

Matt Walmsley, EMEA director at Vectra, notes that Germany’s BSI information security agency was tipped off by the US last month that China was targeting the country with cloud hopper-style attacks that target organisations through managed service providers.

Mass hack of German politicians 'very damaging' to government credibility

January 4, 2019

Verdict

“For a country that holds individual privacy so dearly and has some of the region’s strictest data protection laws this is a very damaging attack, not least for the German government’s credibility to secure itself,” comments Matt Walmsley, EMEA director at Vectra.

“It is a classic ‘could have, should have’ scenario,” says Chris Morales, head of security analytics at Vectra. “The failure comes down to people and process, not necessarily technology. As long as a motive exists, attackers will attempt to compromise networks until they succeed.”

“Data science platforms that support machine learning will become the mainstay of cyber security systems,” says Chris Morales, head of security analytics at Vectra. Security vendors are leveraging AI software to churn through massive amounts of data to detect and defend against cyberthreats.

"We will see an increase in the use of deep learning, such as recursive neural nets, that enable algorithms to continuously learn and evolve," says Chris Morales, head of security analytics at Vectra. "2019 will see deep learning become the best practice for detecting cyberattacks."

The problem wasn't that the data centers lacked the authentication or encryption tools. "The controls existed but were not implemented and used equally and regularly," Chris Morales, head of security analytics at Vectra, says.

Chris Morales, head of security analytics at Vectra, says the biggest risk posed by mobile devices in a corporate network is malicious apps gaining access to enterprise data. Make sure mobile devices do not share network connectivity with critical infrastructure or systems with sensitive information.

The Vectra Cognito platform incorporates artificial intelligence (AI), deep machine learning and traffic monitoring into a tool that is able to detect threats that other programs miss, even if they are already entrenched inside a protected network.

"VirusTotal provides value only if you have the necessary staff to extract value from it," says Oliver Tavakoli, chief technology officer at Vectra. "This is reflective of the fact that the VirusTotal data repository is of most value to large and expert IT security teams."

"Hacks are getting bigger because the volume of data generated on the Internet every single day is so large," says Chris Morales, head of security analytics at Vectra. "Just like a user employs a search engine to get information, a cyber spy will search massive online databases for information."

“Cryptomining efforts are popular across higher education," according to a study published in March from Vectra. Vectra reported that 85% of cryptocurrency mining instances happened in higher education between August 2017 and January 2018, compared to just three percent in the technology sector.

"Prevention will never be 100%," says Chris Morales, head of security analytics at Vectra. "That is unrealistic. The report states the breach was entirely preventable. I don't believe that is true. It is the same notion as building a wall would stop the drug trade. The criminal build tunnels instead."

Damning report on Equifax security failures is a lesson for all enterprises

December 11, 2018

Computer Business Review

"We can improve our ability to detect and respond to breaches by looking for the type of behaviors an attacker performs," says Chris Morales, head of security analytics at Vectra. "The most critical threat behaviors should be correlated with compromised hosts in real time before they become a problem."

“It is a classic ‘could have, should have’ scenario,” says Chris Morales, head of security analytics at Vectra. “As long as a motive exists, attackers will continuously attempt to compromise networks until they succeed. The failure comes down to people and process, not necessarily technology."

“Gaming has always been an arena for hacking and attacks,” says Chris Morales, head of security analytics at Vectra. “In today's competitive and financially lucrative gaming world, that means bypassing developer controls to gain a competitive advantage or disrupt other players.”

"Zero days are saved for the most critical needs," says Chris Morales, head of security analytics at Vectra. Most attackers don’t like to waste this type of knowledge when they can simply convince a user to give them access to their system instead."

“Enterprises are unable to spot worm reconnaissance and lateral movement behaviors," says Matt Walmsley, EMEA director at Vectra. "Security analysts can't operate at the speed and scale required to manually identify the threat and close down their lines of communication and movement."

AI companies race to get upper hand in cybersecurity before hackers do

December 3, 2018

Investor's Business Daily

To detect cyberthreats, their AI software sifts through massive stores of computer network data. Wall Street analysts are eyeballing and a handful of other private firms. With AI tools, the new AI companies are taking customers away from cybersecurity industry incumbents, analysts say.

Incident response continues to take too long as security teams try to figure out what happened and how do we stop it happening again, says Chris Morales, head of security analytics at Vectra. "It's important to spot and close down an attacker earlier in its lifecycle to minimize or stop a breach from occurring."

"Data exfiltration inside encryption can circumvent security controls like data loss prevent," Morales says Chris Morales, head of security analytics at Vectra. "Systems that watch for exfiltration behaviors, rather than trying to inspect the data payloads, can provide a way to handle this challenge."

Although Marriott reported the malware resided in its U.S.-based reservation system, if any EU guests were involved it could open the company up to fines due to GDPR, said Chris Morales, head of security Analytics at Vectra.

"With a real treasure trove of valuable personal information having been lifted, this is undoubtedly going to damage the Marriott Starwood brands, and could have a significant direct impact for their affected customers identity assurance," says Matt Walmsley, EMEA director at Vectra.

Marriott hack reaction: “It’s likely that every living human has been hacked”

November 30, 2018

Verdict

“With a real treasure trove of valuable personal information having been lifted, this is undoubtedly going to damage the Marriot Starwood brands, and could have a significant direct impact for their affected customers identity assurance,” says Matt Walmsley, EMEA director at Vectra.

Among the victims of ad fraud are companies that have to pay for every user who views their ads. "Every company has a budget for online ads, and this type of scheme would cannibalize that budget with no return on leads or sales," says Chris Morales, head of security analytics at Vectra.

"Misconfiguration of systems is as big of a risk as system vulnerabilities," says Chris Morales, head of security analytics at Vectra. "APIs for external service integration is important to offer services to customers, but poor security practices in API access and design puts enterprises in danger."

"The cybersecurity skills gap is alive and well, it’s challenging to hire and retrain cybersecurity talent," says Matt Walmsley, EMEA director at Vectra. "Within the next three years there will be in excess of 350,000 unfilled European cyber-security jobs than candidates."

The findings in the Vectra 2018 Spotlight Report on Energy and Utilities “underscore the importance of detecting hidden threat behaviors inside enterprise IT networks before cyberattackers have a chance to spy, spread and steal,” says Chris Morales, Vectra head of security analytics.

Vectra leverages its automated and self-learning algorithms to provide real-time detection and response capabilities. It can also score every detection and host in terms of the threat severity and enrich threat investigation and threat hunting scenarios.

Smaller yet expanding devices may be more appealing to hackers than to consumers, warned Mike Banic, vice president of marketing at Vectra. The number of mobile vulnerabilities is highest on Android apps, largely due to its open source nature and the questionable security of third-party app stores.

Biometrics and AI firm team up for first U.S. biometric database amidst criticism

November 13, 2018

SC Media

"Our best course of action is to work with the national governments to ensure any biometric system is highly secure and has auditing and oversight to ensure the proper use of the biometric data,” says Chris Morales, head of security analytics at Vectra.

"Organizations are moving towards more automation for very rational reasons," says Matt Walmsley, EMEA director at Vectra. "We need to understand how new AI tools work. This is new technology and we need to understand the fundamentals so we can understand how they work."

“Nation-state actors are well-resourced, innovative and highly motivated, and organizations have limited time, finite human and technical resources and capabilities with which to protect their rapidly expanding attack surface," says Matt Walmsley, director of EMEA at Vectra.

When looking specifically at the enterprise networks of energy and utility companies, Vectra detected 194 command-and-control attack behaviours against energy and utility companies for every 10,000 host devices – 25 more attack behaviours than the average across all industries.

Pentagon draws back the veil on APT malware with sudden embrace of VirusTotal

November 8, 2018

Threatpost

“Rest assured that they won’t be submitting their own offensive samples," says Vectra CTO Oliver Tavakoli. "And they won’t be submitting bespoke samples that were crafted to target them except for well after the fact so as not to tip their hand to the attacker."

Critical infrastructure Supervisory Control and Data Acquisition systems are a perennial target for hackers. According to a study released by threat monitoring firm Vectra on Nov. 1, there were almost 200 network hacking attempts for every 10,000 SCADA host devices.

Usually, such attacks are meticulously planned months in advance and under-protected networks are allowing criminals to cross the threshold of infrastructure networks, according to a new research report from Vectra.

The recent 2018 Spotlight Report on Manufacturing from Vectra suggested that the manufacturing industry suffers an inordinate volume of malicious internal network activity, lateral movement and reconnaissance activity; Deloitte also touched on these vulnerabilities in a recent article.

"We believe Vectra embodies the vision, drive and innovation that define a successful entrepreneurial venture. Vectra should be proud of its accomplishment,” says Alex Vieux, Red Herring publisher and CEO. Red Herring’s Top 100 Global list has become a mark of distinction for identifying promising companies and entrepreneurs.

Recent attack activity tracked by security threat monitoring firm Vectra of more than 4 million devices and systems shows that the IT networks in energy and utilities are being hit regularly by attackers intent on blending in as they conduct deep reconnaissance on their ultimate targets: The industrial networks.

"AI augments the human capabilities to work at the scale and speed that manual approaches simply can't touch," says Chris Morales, head of security analytics at Vectra. "This would invaluable, given that a lack of time is one of the top job concerns being cited from IT and security professionals."

In a new report, researchers at security vendor Vectra outline how hackers infiltrate energy and utilities systems and then move laterally across networks over a period of several months to gather intelligence and plan their attack.

The Vectra 2018 Spotlight Report on Energy and Utilities said that while ICS is in the crosshairs, most attacks against the energy and utilities industry occur and succeed inside the enterprise IT network – not in the critical infrastructure.

Cyber attacks against energy and utilities firms occur in enterprise not critical infrastructure

November 5, 2018

IT Pro

The majority of cyber attacks on energy and utility firms do not occur in the critical infrastructure of the firm, but inside the IT networks. According to a report by Vectra, such attacks are planned and orchestrated often months in advance rather than by launching an off-the-cuff attack.

Key findings underscore the importance of detecting hidden threat behaviors inside enterprise IT networks before cyberattackers have a chance to spy, spread and steal. These threat behaviors reveal that carefully orchestrated attack campaigns occur over many months.

"Enterprises are unable to spot reconnaissance and lateral movement attack behaviors, and security analysts and threat hunters cannot operate at the speed and scale to manually identify threats and close down their lines of communication and movement," says Matt Walmsley, Vectra EMEA director.

“The covert abuse of administrative credentials provides attackers with unconstrained access to critical infrastructure systems and data," says David Monahan, managing research director of Enterprise Management Associates. "This is one of the most crucial risk areas in the cyberattack lifecycle.”

"What is abundantly clear is that the sudden rise in demand for talent against a backdrop of relatively flat supply has created a hiring bottleneck in the path to establish a stronger security posture," writes Oliver Tavakoli, chief technology officer at Vectra.

“When attackers move laterally inside a network, it exposes a larger attack surface that increases the risk of data acquisition and exfiltration,” said Branndon Kelley, CIO of American Municipal Power, an electric-power generator utility that serves municipalities in nine states.

"It's very easy for an attacker to get into an energy utility network, use the tools that are already there, such as Outlook web access, and then hide within the signal of things that are already happening," says Chris Morales, head of security analytics at Vectra.

According to a new report published by Vectra, there is a key distinction between attacks that probe IT networks for information about critical infrastructure and those attacks that actually target industrial control systems (ICSs).

“There is a difference between attacks that probe IT networks for information about critical infrastructure versus attacks against the ICS on which the critical infrastructure operates,” according to the new report from Vectra.

More attention needs to be paid to IT networks in critical infrastructure

November 1, 2018

Politico

While attacks on industrial control systems take the spotlight, IT networks are more frequently attacked because they usually have schematics and data of those control systems, says Chris Morales, head of security analytics at Vectra.

Cyberattacks targeting energy and utilities firms have increased inside enterprise IT networks, rather than the critical infrastructure, according to Vectra's 2018 Spotlight Report on Energy and Utilities.

“Cognito filled a gap," says Brett Walmsley, CTO at Bolton NHS Foundation Trust. "We needed to know what we didn’t know, and Cognito showed us what was hidden. With Cognito, we don’t have to worry about not knowing an attacker is in our network.”

Securing middle America: Small towns more at risk of ransomware and phishing

October 19, 2018

SC Media

“Local governments generally don’t have the funding required to maintain a large security staff and large set of security tools,” Chris Morales, head of security analytics at Vectra said. “More often, at best, local governments are leveraging an outsourcing security provider to perform security monitoring .”

A cyber-skills shortage means students are being recruited to fight off hackers

October 18, 2018

MIT Technology Review

“No matter how much revenue you have, you can’t find the people,” says Hitesh Sheth, CEO of Vectra, which makes the AI software the Texas A&M University System uses. “People leave in 12 months because someone else will give them a 30% bump in pay.”

“The vast majority of IoT devices, particularly those aimed at consumer use, will have vendors and supporting supply chains that simply don’t have the resources, skills, or even the will to meet the framework’s recommendations,” says Matt Walmsley, EMEA director at AI security firm Vectra.

"Not having the technical understanding to manage the security of these devices, consumers unknowingly put their households at risk," says Matt Walmsley, Vectra EMEA director. Consumers should change their IoT devices’ default passwords to a strong password string, and always ensure the latest firmware is running.”

“In reality, the vast majority of IoT devices, particularly those aimed at consumer use, will have vendors and supporting supply chains that simply don’t have the resources, skills, or even the will to meet the frame work’s recommendations,” says Matt Walmsley, EMEA director at Vectra.

Matt Walmsley, EMEA director at Vectra, says that while the Code of Practice recognizes key IoT risks, there are problems surrounding it. “Voluntary codes of practices will likely only attract organizations who are already proactive and bought into addressing the issues the Code of Practice seeks to address,” he says.

Chris Morales, head of security analytics at Vectra, warns that the enterprise must tighten up software supply chain assurance and balance the risks and rewards of internet access and browser controls. "Organizations need to balance that against constraining legitimate organizational digital activities," he says.

"Startups that are just features and aren’t acquired may not have a chair when the music stops playing," says Vectra CEO Hitesh Sheth. "If you do the due diligence and pay attention, you can find some real gems that you want to return to."

“Over time, enterprise has built technologies and bolted them on, and there is a way that you can remove the layers with AI, because it is a big data analysis — taking what all of these various components are doing as part of the evolution and really bringing it back into one product,” says Matt Walmsley, EMEA director at Vectra.

An acquisition by a larger company can be both a good and a bad thing for a startup and its customers. "Startups that are just features and aren’t acquired may not have a chair when the music stops playing — and may have to shut their doors," says Hitesh Sheth, CEO at Vectra.

"The manufacturing industry exhibits higher than normal rates of cyberattack reconnaissance and lateral movement activity," says Chris Morales, head of security analytics at Vectra. "This is due to the rapid convergence of enterprise IT and operational technology (OT) networks, combined with the lack of security for IIoT devices."

Russian hackers targeted Cancer Research UK and other British businesses

October 8, 2018

The Telegraph

Magecart, an anonymous Russian group of cyber criminals, tried to steal the card details of people in the UK who had brought items through the cancer charity’s online gift shop. Matt Walmsley, EMEA director at Vectra, warned that charities are an “irresistible target” to hackers because they process large numbers of online payments.

"Machine learning allows us as defenders to adapt much more quickly in real-time to threats that are constantly changing," says Chris Morales, head of security analytics at Vectra. "What machine learning is good at doing is learning over time and adapting. As environments change, the machine can start to change."

“A proper response should include the revocation of credentials and user access from that system," says Chris Morales, head of security analytics at Vectra. "This works if the proper response policy is in place and users know to respond quickly to IT before potential access and compromise occurs.”

“AI is pretty complex, built around processing large amounts of data and learning from it,” explains Vectra CTO Oliver Tavakoli. “There are hundreds of thousands of lines of code behind AI interfaces and entities – and some are even neural networks that are not totally understandable by the people that created them."

"We will see more attack vectors that exploit software users," says Chris Morales, head of security analytics at Vectra. "We must assume vulnerabilities exist and will be exploited” He recommends focusing more on detecting threats in real time and responding rapidly to reduce the impact of vulnerabilities.

"The analysis and identification of signatures for the initial infection is always behind the threat becoming known and out in the wild," says Matt Walmsley, EMEA director at Vectra. "It’s not enough to build stronger defenses. Motivated and well-resourced attackers will always find a way given enough time and persistence."

“There aren’t many details on this as of yet, but what we do know is that the attackers manipulated a flaw in the ‘view as’ feature of Facebook to acquire user access tokens that would allow a person to log into user accounts," says Chris Morales, head of security analytics at Vectra.

Vectra CEO Hitesh Sheth talks with Bloomberg Markets about the crucial role that artificial intelligence will play in detecting and responding to cyberattackers in 2018. It will be an AI war, with nation-state hackers and organized cybercriminals using their AI threat arsenal to attack organizations who use AI as a defensive weapon.

AI is the inevitable next phase in cybersecurity. What is avoidable, however, is security burnout. By implementing key business and professional-growth programs – and augmenting the work of security analysts with AI – organizations can greatly reduce the security burnout rate while nurturing and developing future security analysts.

When WannaCry was first detected, we saw similarities in the code used for that ransomware attack with previous attacks attributed to North Korea, like the Sony hack. North Korea has been targeting banks directly with banking malware while using ransomware against other organizations to acquire a large volume of Bitcoin.

Vectra is hunting for channel partners in the UK after trebling its revenue in Q3, says Matt Walmsley, head of EMEA marketing. Vectra revenue jumped 294 percent in the third quarter this year, which Walmsley said was driven by a need for enterprises to address the detection gap that allows cybercriminals to easily breach networks.

In his latest installment in the CSO “Thinking Security” column, Vectra CTO Oliver Tavakoli explores the benefits of running red team exercises. Red team exercises enable organizations to understand how to respond when dealing with real-world advanced attacks and adapt to respond quickly to these threats.

The security operations center at Texas A&M serves 11 universities and seven state agencies. But with just seven full-time analysts and a risk-rich environment of 174,000 students and faculty, triaging security events was overwhelming, but with the help of Vectra Cognito, and it now takes 10-20 minutes to resolve an incident, on average.

"To gain access to the industrial control systems, the threat actor infected an SIS engineering workstation on what is supposed to be an isolated network," says Chris Morales, Vectra head of security analytics. "An infected laptop can be brought in by a contractor, connect to the network and spread to the controlled ICS environment."

Nation-state attackers shut down industrial plant with new ICS malware

December 15, 2017

eSecurity Planet

"The IoT and IT/OT convergence is accelerated by the speed of business and the implementation of AI to drive decisions in ICS environments," says Chris Morales, Vectra head of security analytics. "In addition, more ICS devices are running commercial operating systems, exposing ICS systems to a wider swath of known vulnerabilities."

People who use Google, Apple, Facebook and Microsoft trust that their communication is secure because of the use of HTTPS, says Chris Morales, Vectra head of security analytics. But entities can manipulate the border gateway protocol to perform man-in-the-middle attacks and manipulate TLS/SSL encryption to eavesdrop on users.

“The motivation of the attacker is always financial or competitive gain or theft of intellectual property,” says Chris Morales, Vectra head of security analytics. “The constantly changing landscape makes it nearly impossible to track cyberespionage organizations without a team of researchers focused on attribution.”

Keyloggers are an important weapon in the arsenal of cyberattackers, says Chris Morales, Vectra head of security analytics. "They're often used in the recon phase of targeted attacks to steal user credentials and other sensitive information that are used to compromise user accounts. Keyboard loggers are hard to spot with consumer anti-virus."

"Data exfiltration from cloud-based storage will accelerate," says Vectra CTO Oliver Tavakoli. "This will occur at the cross-section of IaaS and PaaS. And organizations will often have no idea that their data has been stolen. Virtual forms of traditional security products will be powerless to contain this threat."

"Why would a hardware vendor install this kind of software on their computers?" asks Chris Morales, head of security analytics at Vectra. "The key logger was a software development or test tool that should have been removed before the code was released. Any attacker could easily monitor everything a user does on their system.”

“If you are risk averse, transfer deposits made to your bitcoin wallet to a hard currency account with a bank,” says Matt Walmsley, Vectra EMEA director. However, he added, "Many exchanges may limit the amount you can transfer in one instance and you may not be able to empty your account, so buyers beware.”

"This NiceHash attack is reminiscent of the Carbanak heist in which the sophisticated attackers used the bank's own tools to steal their money," said Chris Morales, head of security analytics at Vectra. Morales says the most important security controls monitor internal traffic for the misuse of administrative credentials and administrative protocols.

"Consumers have no security controls to monitor botnet activity on their personal networks," Chris Morales, head of security analytics at Vectra, tells CSO magazine. "Security teams prioritize attacks targeting their own resources rather than attacks emanating from their network to external targets.”

"Exfiltration of data from cloud-based storage will accelerate," says Matt Walmsley, Vectra EMEA director. "Infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) attacks will see massive tranches of data from organizations being taken from the cloud, without IT/security team even knowing."

"We're now at a time where artificial intelligence needs to be introduced to identify and respond to threats automatically and in real-time, a task that humans alone are simply incapable of performing at adequate scale and speed," says Matt Walmsley, Vectra EMEA director.

Chris Morales, head of security analytics at Vectra, notes that the challenge is that traditional security and methods for internal data centers don't have the same visibility in cloud environments. "Companies like Uber who rely on cloud infrastructure need a security strategy with processes and tools that provide visibility into cloud attacks."

"Normal security tools and methods built for internal data centers do not have the same visibility in cloud environments where your systems and data are sharing a neighborhood (the internet and cloud apps) with millions and millions of other people, both good and bad," says Chris Morales, Vectra head of security analytics.

“This breach happened at the same time Uber was under investigation by U.S regulators for the 2014 breach,” says Chris Morales, head of security analytics at Vectra. “There are many breach notification laws, especially in California, that require immediate notification to consumers. We are the ones put at risk here, not Uber.”

"The lesson here is don’t assume the same security tools used in a private cloud will protect you in the public cloud," says Chris Morales, head of security analytics at Vectra. "To detect malicious behavior in the public cloud, you have to know what can be attacked and understand how it would be done.”

“Organizations recognize that there is a need to prioritize the protection of citizen’s personal data through disclosure, but can be reluctant due to the impact a confession will have on their reputation and market value," says Matt Walmsley, EMEA director at Vectra. "This Uber breach of trust has rattled the regulators."

"Anyone who performs an online transaction has personal data on the internet," says Chris Morales, head of security analytics at Vectra. "Even worse, personal information exists in places people are not even aware of or have any control over. The Equifax breach impacted more than 145 million consumers, and that's just one recent breach."

Automation and the use of artificial intelligence-based methods to detect, triage and correlate cyber security attacks in enterprise networks can be a powerful means for rapid risk reduction. We recently connected with Vectra CEO Hitesh Sheth to better understand how all this can be accomplished on a modern platform.

"AI automates repetitive tasks at massive scale and makes human security analysts better in the same way financial analysis tools enable bankers to be better," says Chris Morales, Vectra head of security analytics. "Similarly, AI can benefit from human intelligence by learning from the conclusions humans make based on AI’s automated analysis."

Texas A&M found a way to train the next-generation SOC analysts using Vectra. Dark Reading reports that the university added AI-based Vectra to the SOC to cut the time to vet alerts, a process that often took hours to reach the action phase. AI now provides context to alerts and now it only takes 15-20 minutes to triage them.

"Once the attackers get inside, how do they sustain control, how do they move, how do they ultimately accomplish their goal?" asks Vectra CTO Oliver Tavakoli. "It can look more like a heist movie, a bank robbery of a vault where you have to go through a myriad of steps. That's where AI can help pore through the data."

"We will see an uptake in the exfiltration of sensitive data at the cross-section of IaaS and PaaS," says Vectra CTO Oliver Tavakoli. "On top of this, organizations will often have no idea that their data has been stolen. Virtual forms of traditional security products will be powerless to contain this threat."

When it comes to AI and machine learning, Vectra is one to watch, according to Dark Reading. Vectra was cited by Dark Reading for its playbooks that speed-up the response to in-progress cyber attacks, integration with other security products, and several patents for AI-based threat hunting.

The positive view is that the community constantly reviews Linux source code and can respond before attackers do, Chris Morales, head of security analytics tells LinuxInsider. "The negative view is that open source code is not maintained regularly and depends on an army of volunteers to keep safe. The truth is somewhere in between."

The Coop Group decided that network perimeter defenses were insufficient to safeguard customer information, internal systems and point of sale systems. As a result, Coop selected Vectra artificial technology to detect and respond to cyber-attacks in real time and prevent or significantly mitigate the impact of a data breach.

Coop chose Vectra after identifying significant economic and security gains resulting from the introduction of AI security automation. After evaluating multiple solutions, it turned to Vectra and its Cognito AI platform to help protect them detect cyber attacks in real time and speed response by augmenting their security operations team.

“The risk with third-party services is exposure through unknown system and application vulnerabilities," says Chris Morales, head of security analytics at Vectra. "Organizations should do their own security assessments of third-party services and externally monitor the activities on these services, independent of the service provider."

Vectra, makes the Tech Tribune's Top 10 list of best startups in San Jose. In conducting its research, the Tech Tribune editorial staff considered several critical factors for its Top 10 list, including revenue potential, leadership team, brand and product traction, and competitive landscape.

Organizations need to “clean out debris — incomplete and broken data — and massage data from different sources to make it compatible, comprehensible and as easy as possible to analyze,” says Vectra CTO Oliver Tavakoli. “Make the data as self-describing as possible so all members of the team understand the meaning of the various bits.”

“Different applications and processes have unique communication patterns," Vectra CTO Oliver Tavakoli writes in CSO. "Attacker traffic often looks different from user traffic, whether it is encrypted or not. Instead of looking inside the encrypted stream, sophisticated math is used to find signals that indicate a threat.”

“We see this trend all the time in targeted attacks,” says Chris Morales, head of security analytics at Vectra. “Attackers understand their target's working environment, identify key software to compromise, and then once they establish a foothold, the attacker begins to snoop around for data to steal.”

Amazon Key allows couriers to open your front door and drop-off a package using a digital keyless lock and cloud cam. But can it be hacked? Matt Walmsley, EMEA director at Vectra, comments on the security concerns and the ease in which hackers can compromise webcams.

“We see this trend all the time in targeted attacks,” says Chris Morales, head of security analytics at Vectra. “Attackers identify key software to compromise to initially infect the target, establish a foothold and begin to snoop around for data to steal.”

"I was an investor in Vectra during my time at Intel Capital," writes Ken Elefant at Sorenson Capital. "By comparing outside network data to the log inside the enterprise, Vectra can automate the process of detecting attacks. Human workers simply could not wrap their arms around such a broad distribution of information."

Security experts air concerns over hackers using AI and machine learning for phishing attacks

October 30, 2017

Computer Weekly

Trying to make sense of machine learning data from phishing campaigns is often inefficient and impractical. But security companies can use machine learning to "unlock patterns in large swaths of data to detect something in real time and make a decision,” says Vectra CTO Oliver Tavakoli.

The city of Peterborough, Ontario tried Darktrace and Vectra Cognito. It chose Vectra. After deploying Cognito, “We left it alone for a couple of days to learn and that was it," says Nick Powers, the city's IT security manager. “We are better positioned from incident detection and response than we were six months ago."

In the shadowy cybersecurity world, artificial intelligence is highly touted as a means to find the clues to lurking malware. Using artificial intelligence, "we focus on the duration, timing, frequency, and volume of network traffic," says Chris Morales, head of security analytics at Vectra. "Data on a sequence of activities points to hidden risks."

Accenture accidentally revealed internal data when it allowed public access to four of its Amazon storage buckets. "They were fortunate that it was discovered by someone who helped prevent damage," says Vectra CEO Hitesh Sheth. "It could have easily been used for snooping and data gathering on large enterprises with very harmful effects."

Cyber insurance could lower risk of hacks before an M&A deal is completed

October 20, 2017

TheStreet

"Knowing that attackers may have free rein in a network for 99 days before they are detected, acquiring companies should be prepared for the potential risk and liability of a cyberattack for at least one quarter past the close of a deal," says Vectra CEO Hitesh Sheth.

DAQRI, a maker of augmented reality for the industrial workplace, uses Vectra to monitor network traffic from 1,200 devices. "When you look at traffic, you can see if someone is doing port scans, jumping from host to host or transferring large amounts of data in an unconventional way," says Minuk Kim, senior director of IT and security at DAQRI.

"Enterprises need to increase their visibility inside the network to automatically detect, analyze and respond to nefarious behaviors before they have time to escalate into critical security incidents," says Matt Walmsley, EMEA director at Vectra.

Vectra CEO Hitesh Sheth talks with Fox Business News about the recent theft of U.S. classified information from an NSA contractor’s computer by hackers who were reportedly working for the Russian government.

Last week, Vectra announced that European glass manufacturer Vetropack Group would use Vectra's AI cybersecurity software. Vetropack officials say that offloading its security team was one of the goals in implementing Vectra's platform, which can be used to analyze data from many sources.

Matt Walmsley, EMEA director of Vectra, warns "While the IoT may be bringing more devices onto the network than ever, these devices are rarely truly hardened, patched or updated. Their creators may have decades of electrical and mechanical engineering experience, but often lack experience of computer programming or internet security."

Equifax, one of the three largest business agencies in the US, has been successful in hacking its IT systems. "Companies should focus their attention and investment on the detection of ongoing attacks. Hacker attacks need to be detected and addressed more quickly, "said Gérard Bauer, VP EMEA at Vectra, a provider of cyber-security solutions based on artificial intelligence.

“Vectra is advancing automated threat hunting with the introduction of Attack Campaigns. The Vectra Cognito platform now further automates threat hunting by exposing the relationships between threat detections on separate workloads and devices to understand the activity and scope of attack campaigns.”

Chris Morales, head of security analytics at Vectra, said: “Equifax needs to raise their cybersecurity score. Enterprises have to realise they cannot address cybersecurity by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today’s advanced attackers.

Commenting on the leak, Chris Morales, head of security analytics at Vectra, said “Enterprises have to realise they cannot address cybersecurity by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today’s advanced attackers.”

Chris Morales, head of security analytics at Vectra, said “Equifax needs to raise their cybersecurity score. Enterprises have to realise they cannot address cybersecurity by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today’s advanced attackers.”

Chris Morales, head of security analytics at Vectra commented "Enterprises have to realise they cannot address cyber-security by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today's advanced attackers.”

Artificial Intelligence (AI) is considered a major future trend for many areas of technology. From the smartphone, to car and home automation, to customer analysis and even to counter cyber attacks, KI is to revolutionize the technology.

Many enterprise organizations are currently evaluating the Vectra Cognito platform, and over the past weeks, several customers detected WannaCry attacker behaviors. Just because the headlines stopped, doesn’t mean that the attack did.

The Vetropack Group, a leading European manufacturer of packaging glass, uses Vectra's cybersecurity platform as the basis for protecting its central systems and information and for more effective organization of its security operations.

Many companies moving from a private cloud to a cloud service are unaware of increased threats. It's worth examining the differences in private versus public clouds when it comes to threats that applications and data encounter. When I talk to customers about the differences, I use a metaphor of what's happening onstage versus backstage.

Penny Crosman writes about how IT teams as well as cyber attackers use artificial intelligence. Greenhill & Company’s CIO, John Shaffer discusses his use of Cognito, “What you’re really interested in is trying to figure out what the smart actors are doing. That’s where machine learning and AI come into play.”

As more companies are considering putting mission-critical applications and data into the public cloud, it's worth examining the differences in private versus public clouds. The lesson: don't assume that the same tools you use in your private cloud will adequately protect you in the public cloud.

Penny Crosman writes about how IT teams as well as cyber attackers use artificial intelligence. Greenhill & Company’s CIO, John Shaffer discusses his use of Cognito, “What you’re really interested in is trying to figure out what the smart actors are doing. That’s where machine learning and AI come into play.”

Penny Crosman writes about how IT teams as well as cyber attackers use artificial intelligence. Greenhill & Company’s CIO, John Shaffer discusses his use of Cognito, “What you’re really interested in is trying to figure out what the smart actors are doing. That’s where machine learning and AI come into play.”

Penny Crosman writes about how IT teams as well as cyber attackers use artificial intelligence. Greenhill & Company’s CIO, John Shaffer discusses his use of Cognito, “What you’re really interested in is trying to figure out what the smart actors are doing. That’s where machine learning and AI come into play.”

The infosec world is embracing artificial intelligence and the seismic changes it will bring to threat detection and mitigation, Vectra CSO Günter Ollmann writes in Dark Reading. As networks become more sophisticated, generate more data, and are exposed to advanced threats, AI and the automation it empowers are the cure.

The magnitude of the Yahoo! data breach – more than 1 billion user accounts compromised – is by far the largest that has ever occurred. But Yahoo! is not the exception. Routers, switches and servers in the vast majority of data centers where customer account information is kept are largely unprotected and highly vulnerable to cyber attacks.

The incoming U.S. administration would be well advised to take the recent Democratic and Republican National Committee hacks seriously, Vectra CEO Hitesh Sheth tells CNBC. "We can safely assume that nation-state actors will continue their efforts to affect U.S. economic interests as well as our democratic and political processes."

On news that data breach insurance claims are being made at a rate of over one a day, Matt Walmsley, Vectra EMEA director, says “By automating detection using the very latest self-learning security tools, and with it the response to an incident based on early indicators, many attacks can be nipped in the bud before they become costly incidents.”

There are a lot more tools necessary and available to combat the cyber threat, at the edge, at the endpoint and in between. “It is important to identify, develop and train associates who are motivated cyber warriors, and it is an ongoing process, due to the velocity of change," says Joe Duffey, CISO at Natixis Global Asset Management.

Chris Morales, head of security analytics at Vectra, says encrypted network traffic is having an impact on security that relies on deep packet inspection, whose efficacy degrades as more traffic is encrypted. Even worse, traditional security responses to handling encrypted traffic will suffer due to certificate and public key pinning built into applications.

Matt Walmsley, EMEA director at Vectra , says that a rise in claims for digital theft and intrusions was taking place amid growing nation state-driven cyber crimes and the looming risk posed by GDPR compliance requirements and punitive fines. There is also growth in corporate cyber extortion using ransomware and malware.

Chris Morales, head of security analytics at Vectra, tells CSO that critical firewall vulnerabilities will continue to be ignored in 2017. According to the Shadow Server website, there are still more than 816,000 Cisco firewalls connected to the Internet that are vulnerable, undermining the inherent trust placed in firewalls.

Günter Ollmann, CSO at Vectra, explores how the information security industry is starved of experienced security workers and how it is proving detrimental to its advancement and exposing IT systems and Internet businesses to criminality and ransom. In the next 25 years, AI defense systems will unleash unimaginable ways to combat cyber threats.

Hitesh Sheth, CEO at Vectra, outlines his top cybersecurity predictions for 2017. Attacks on the U.S will increase during Drumpf’s administration, new forms of ransomware will become a big headache for security response teams, data center attacks will increase, and firewall vulnerabilities will continue to be ignored.

It is estimated that today there are over 1 million InfoSec positions unfilled – growing to over 1.5 million by 2019 – and more than 200,000 of those vacancies are in the U.S. This global shortage of expertise and experience lies at the very heart of the InfoSec world’s ability to respond to cyber attacks – affecting vendors and consumers alike.

Employees who reuse credentials or shop from their work computers are at risk, says Chris Morales, head of security analytics at Vectra. Fake Best Buy or Amazon promotional emails could be a phishing attack infecting computers with ransomware or exploits to initiate a targeted cyber attack, while everyone is supposed to be enjoying holiday cheer.

Data centers are the main repository for digital assets and resources, and their high value makes them a target for attackers. But threats in the data center are relatively mature by the time they manifest. With more assets residing in data centers than ever before, how safe is it? Matt Walmsley, EMEA director at Vectra, explains.

With more unmanaged and seldom-updated devices connecting to our networks, behavior-based security is an essential line of defense. It ensures that unusual activity and volume are quickly identified and addressed, and this can be done regardless of the device being targeted. Matt Walmsley, EMEA director at Vectra, makes the case.

What can organizations who expect to be a target do about an APT? And how sure can anyone really be that they are ready to respond? Expecting the unexpected is a difficult task, says Matt Walmsley, EMEA director at Vectra, quite reasonably, although in terms of cyberattacks the truth is that prevention alone fails.

For years, the security community focused on perimeter defenses, but ensuring all is well requires more than building a bigger wall. Hackers only need about 146 days to spy, spread and steal, according to Mike Banic, vice president of marketing at Vectra. And it only takes about three days for an attacker to gain administrative credentials.

Darknet website AlphaBay sells tens of thousands of items related to malware, exploits, hacked accounts, stolen credentials, and hacking services. Christopher Doman, a threat analyst at Vectra, talks about the AlphaBay market and forum and explains the various ways this information can be used for nefarious purposes.

As more business decisions rely on big data analytics, cybercriminals have greater incentive to pollute the incoming data to alter decisions or make them predictable so they can be monetized, says Vectra CTO Oliver Tavakoli. This can cause a hedge fund to buy or sell a stock. “Criminals can make large sums of money front-running the transaction.”

In 2017, ransomware will be used with other techniques for blended attacks, says Vectra CSO Günter Ollmann. Despite ransomware detection improvements made in 2016, most organizations still do not have a sufficient offline backup strategy to restore files, whether the ransom is paid or the attacker provides the encryption key.

"Everyone with a newly minted computer science degree is being encouraged to get into cybersecurity, as the lack of candidates is driving up salaries," says Vectra CSO Günter Ollmann. Although the U.S. Department of Homeland Security event "was pitched under the banner of cybersecurity, it is not clear what jobs were actually being filled."

"The CISO usually becomes the person who drives both the strategy and the budget," says Vectra CEO Hitesh Sheth. "They usually have a team." It's often seen in the Fortune 50 companies that "the CISO is still heavily involved, but the board is involved as well. It has become a regular topic among the board of directors."

The challenge of detecting attack behaviors in network traffic is immense. Finding correlations across protocols without intrusive deep packets inspection requires analyzing thousands of correlations between metadata from internal and external network traffic. A few companies are using AI technology to tackle this challenge, including Vectra.

Alex Waterman, senior director of product management at Vectra, predicts that cybercriminals will step up their efforts to corral legions of unprotected IoT devices to mount even more sophisticated attacks. Also, the attack tools published by the Shadow Brokers hacking group will be used against the data center’s vulnerable physical infrastructure.

Alex Waterman, senior director of product management at Vectra, predicts that cybercriminals will step up their efforts to use more vulnerable IoT devices to mount attacks and the tools published by the Shadow brokers hacking group will be used against the data center’s unprotected physical infrastructure.

“It’s troubling that the breach was discovered only after receiving complaints from customers that scammers were fishing for their bank account details," says Vectra CTO Oliver Tavakoli. "With the availability of real-time detection methods today that identify what’s happening at any given moment, this lack of awareness is shocking."

The accuracy of polling results failed miserably in the 2016 election. From a data science perspective, what are the lessons learned from the big data polling blunders in election predictions? The lesson is all about using the right data for the problem at hand, and not about questioning if the data is right. The same applies for cybersecurity.

Most organizations continue to struggle with malware-based intrusions, according to this column written by Vectra CSO Günter Ollmann. Despite the deployment of policies, user education, enforcement chokepoints, data inspection, and regular assessments of defenses, malware remains the primary method of breaching the corporate network.

"Just as hacking, cybersecurity and email breaches have been core to the election process, they will continue to grow and affect the U.S. government," says Vectra CSO Günter Ollmann. "Hence, in Trump's presidency, the U.S. government and agencies will have their hands forced in dealing with this invasive hacking epidemic.

Vectra CTO Oliver Tavakoli explains to SC Magazine that the variety, volume and velocity inherent in big data makes it difficult to ensure integrity of all of the data. To combat this challenge, Tavakoli encourages organizations to always pay attention to where the data is coming from and to encrypt the data.

A global shortage of expertise lies at the heart of the infosec world’s ability to respond to attacks and has considerable effect on vendors and consumers alike. Vectra CSO Günter Ollmann explains why unfilled jobs are the biggest threat to the cybersecurity industry, and identifies three ways to approach the problem.

Every new technology that guards against cyberattacks forces hackers to evolve. Automated attacks are now capable of learning to use an application and carrying out its basic functions. For example, Wade Williamson, director of threat research at Vectra, says banking malware can transfer money belonging to a compromised account.

"You should keep Internet-enabled devices – like video cameras—on a separate network from the primary business network that deals with customer financial transactions, like point of sale systems, intellectual property, or any form of regulated data," said Chris Morales, head of security analytics at Vectra.

Vectra CSO Günter Ollmann chastises "the person who holds open a secure door for a slow moving 'employee' without checking for a badge. One of the easiest ways to infiltrate a secure building or data center is to appear encumbered (e.g., having both hands full with boxes) and wait for an authorized person to open the door for you."

How to stop the Mirai botnet: Can blocking Port 23 fight further DDoS attacks?

November 3, 2016

International Business Times

One of the biggest reasons we now have the Mirai botnet is that "the (IoT) manufacturers are trying to save money and reduce the time to market, and only after the product has been proven to be popular do they go back and add security to it," Vectra CSO Günter Ollmann tells the International Business Times.

Vectra CSO Günter Ollmann weighs in on the most vital areas of focus for new CSOs during their first weeks on the job and shares advice for prioritizing problem areas. Ollmann also shares two different yet critically important perspectives on security – vendor and non-vendor – and what to take care of on day one.

“Whether it’s freedom fighters or terrorists, the cyber-domain is an important theatre for propagating a cause," says Vectra CSO Günter Ollmann. "Tools that target the opposition and gather valuable intelligence are in play by small and large groups around the world. Cyber warfare isn’t just the domain of large nation-state actors.”

Researchers at Vectra Networks have been monitoring the group for the past two years and determined that its operations focus on Middle Eastern political issues. The threat actor has been dubbed “Moonlight” based on the name of a command-and-control (C&C) domain used in the attacks.

Moonlight group is likely to be involved in cyberespionage, warns Vectra Networks. “They put effort into crafting the emails, the websites, the documents they've created, putting a fair amount of energy into it. But beyond that the underlying tech is off the shelf," says Vectra CTO Oliver Tavakoli, emphasizing how attackers don't need sophisticated hacking skills.

Identified by Vectra Networks, this particular campaign used spear-phishing emails and social media lures to trick targets into installing the H-Worm malware. H-Worm creates a backdoor that can be used to further compromise targets with a remote access Trojan called njRat.

A hacking group is running a wide ranging cyber-espionage campaign against targets in the Middle East. Security firm Vectra Networks says it has identified over 200 samples of malware generated by the group over the last two years. The assaults are not technically sophisticated but nonetheless tricky in their use of social engineering tactics.

Your router, home Wi-Fi, refrigerator and webcams could be part of an international army of zombie attackers. “A newly installed Wi-Fi home router is likely to be compromised within weeks if the default passwords are not changed – or within a few hours if you live in a more densely populated metropolitan area,” says Vectra CSO Günter Ollmann.

Vectra CEO Hitesh Sheth offers career advice about breaking into the tech industry: “Don’t play it safe. The tech industry is very unique with lots of opportunity for someone just starting their career. Take risks. Look for startups that can drive exponential change and not just ones that seem to be the 'coolest.'”

"If these gadgets are not regularly updated to address vulnerabilities, then they are left open to exploitation," says Vectra EMEA Director Matt Walmsley. "There's now a lot of pressure on the manufacturers to raise their game and support the embedded software side of things as long and as vigorously as, say, a PC operating system vendor does.”

"Under the forthcoming EU General Data Protection Regulation (GDPR), the fines could have been much higher – up to 4 percent of worldwide turnover. In the case of TalkTalk, that could have been £72 million based on 2015 turnover,"Vectra CSO Günter Ollmann says. "In that respect, the company has got off lightly.”

“Autonomous, behaviour-based threat monitoring can prevent a repeat of the same type of attack for any company, without requiring a major capital investment in more IT security staff,” Vectra CSO Günter Ollmann tells ITProPortal. "This new type of security approach allows known and unknown malware and attack vectors to be spotted.

Jonathan Barrett and Justin Heath from Vectra weigh in on the most serious cybercrimes of the past year. About the Shadow Brokers' hack of the NSA-affiliated Equation Group, Barrett notes that "the penetration of such a highly regarded organization demonstrates what serious security professionals already know: Everyone is vulnerable."

The Mirai botnet malware used in the DDoS attack that took down the site of infosec journalist Brian Krebs was clocked at 620 Gbps. It was released in the Hackforums community website by Anna-senpai, who claims to have authored the code. Vectra CSO Günter Ollmann explains security concerns around Mirai and the dangers of default passwords.

Even in the tech industry, sticky tape remains a preferred security measure

October 3, 2016

Fast Company

The risk isn’t limited to traditional webcams, says Vectra CSO Günter Ollmann, whose company found vulnerabilities in an inexpensive networked camera earlier this year. Internet-enabled home security cameras and networked TVs can also be hacked. So can videoconferencing tools in offices, which can be used as a gateway into other office machines.

Exploiting the firewall beachhead: A history of backdoors into critical infrastructure

September 30, 2016

IT Security Guru

Firewalls have rarely been a hindrance to breaching a network and siphoning data, according to IT Security Guru. Vectra CSO Günter Ollmann explores the history of the firewall over the last three decades and how vulnerable it is to targeted and persistent attacks by sophisticated adversaries, particularly through the use of backdoors.

"I anticipate that now that the bridge has been crossed, other security researchers will attempt to work with similar investment companies to monetize the vulnerabilities and research they have conducted," said Günter Ollmann, chief security officer at the cybersecurity firm Vectra Networks.

Matt Walmsley, EMEA director at Vectra, comments on the Yahoo hack: “It’s concerning how many organisations are unaware of huge data breaches taking place in their networks. Research shows that about two out of 10 data breaches are detected internally – leaving around 80% to be detected by external discovery and third-party agencies.”

"By calling it 'state sponsored' organisations, are attempting to deflect the discussion from the types of tools used and their failed defences, and to posit that they had no chance of protecting their data because 'the government did it'," said Günter Ollmann, chief security officer at Vectra Networks.

While U.S. officials have suggested designating election systems as critical infrastructure after the Democratic National Committee hack, 62% of Passcode Influencers say it's not enough. “Unless we move beyond a declaration and into actual protection, proclamation would act more like an invitation to global hackers," said Vectra CTO Günter Ollmann.

Günter Ollmann, CSO at Vectra Networks, said, "Instead of buying hardware and appliances with a three-to-five-year depreciation lifecycle, they are buying a service. They are now paying, typically, based around number of servers or users being protected. Their security spend can change drastically in Capex and Opex."

We need to recognize the uniqueness of the data center and the threats they face, while recognizing that this uniqueness does not make them separate. Look for the attack techniques that are unique to the data center, while retaining the context of everything we've learned in the campus. This requires some planning, but is achievable.

The more places your information is stored and the more people have access to it, the more potential points of attack there are, said Vectra CEO Hitesh Sheth. Encrypted databases don't mean much if your financial advisor takes work home on an unencrypted thumb drive or an office assistant falls for a phishing email.

Vectra's prediction that 2016 would see ransomware "focus more on holding enterprise assets hostage and less on individuals," is supported by a recent report that shows nearly 40% of businesses surveyed experienced a ransomware attack in the last year. Over a third lost revenue and 20% had to completely cease business operations.

Vectra, which has been focusing on campus networks, is expanding its reach to the data center and the public cloud. The company is among a new wave of security companies that detect attacks in progress. Vectra's new strategies detect bad behavior because intruders in the data center don’t have the same goals as intruders in the campus network do.

Security experts from Vectra Networks have taken a closer look at one of the files leaked by the Shadow Brokers, a nefarious group that claims to have stolen hacking tools from the Equation Group, a US-based cyber-espionage actor that some security vendors say is the NSA.

A challenge facing virtualised data centres is securing the physical infrastructure on which the virtual or shared service sits. The point of attack is the area outside of the hypervisor and virtual machines, utilising support and management protocols such as IPMI. It is the physical infrastructure – the servers, switches and firewalls – that is being targeted.

Does behavioural analytics fit into the concept of machine learning? Vectra EMEA Director Matt Walmsley comments, "Behavioural analytics is a powerful component in machine learning, based on real-time threat detection and management. By focusing on behaviours rather than signatures, it's possible for previously unknown threats to be identified."

Matt Walmsley, EMEA director at Vectra, says “channel partners are looking to augment and build out multi-layered offerings and service delivery capabilities as they transform their business as traditional resellers to being very services led. That's why we've gone out and created technology alliances."

With all the effort expended on securing virtualized environments, one of the biggest vulnerabilities is in hardware, says Wade Williamson, Vectra director of threat analytics. This is true not just in the data center, but in our laptops. The underlying firmware, controllers, and BIOS can undercut what we think we know about a device.

Months on from Apple and the FBI headlines, the security industry has had a chance to reflect on the lessons learned about backdoors in products – whether deliberate or put there without all parties knowing. Vectra CSO Günter Ollmann looks at the case for encryption in the second half of 2016.

Matt Walmsley, EMEA director at Vectra, comments on the Sage breach, “The simplest way to access unauthorised systems is through the acquisition and misuse of legitimate credentials. Other 'insiders' may seek to escalate their privileges or broaden the hosts and services they wish to access for nefarious reasons."

Following a data breach at HEI Hotels & Resorts, Vectra CSO Günter Ollmann explains why the hospitality industry continues to serve as a target of attack. Because the hospitality industry “depends heavily on transient and temporary staff, they are more prone to physical subversion of their systems.”

Günter Ollmann, CSO at Vectra networks, talks to Mike Mimoso at Black Hat about ransomware as a prototype for malware going forward, as well as the long-term future of exploit kits and whether IoT is something that can be secured sooner rather than later.

Here’s one more: Vectra Networks, winner of the Best-of-Black Hat award for most innovative emerging company. Vectra’s technology uses machine learning and behavioral analysis to spot threats in network traffic in real time, and it has a comprehensive channel program.

Dark Reading names Vectra the Best of Black Hat Most Innovative Emerging Company

August 3, 2016

Dark Reading

Dark Reading selected Vectra for addressing security challenges with solutions that are inventive and practical. "With a glance at the simple, elegant visualization used by Vectra’s Threat Certainty Index, an infosec pro will know in moments what needs their attention first,” notes Editor-in-Chief Tim Wilson.

Vectra CTO Oliver Tavakoli said it best: “We need to use machine learning where it makes sense – when we analyze advanced of attacks, correlate behavior and conduct data reduction. When we call it AI, we're constructing a narrative that is often used by marketing to build buzz. The term is one of pop culture rather than an actual scientific term.”

Vectra CSO Günter Ollmann, Vectra CTO Oliver Tavakoli and security researcher Lane Thames at the Tripwire Vulnerability and Exposures Research Team agreed that the vulnerability should not have been discussed on Twitter, but Tavakoli thought the security flaws were nonetheless disclosed responsibly.

As advances in network-based detection increase the fidelity and coverage of malware and threats, the possibility of specific attribution will continue to recede, says Mike Banic, vice president of marketing at Vectra. The malware ecosystem continues to evolve swiftly, and security researchers and professionals need to adapt accordingly.

July was the busiest month in recent memory for vulnerabilities, says Wade Williamson, Vectra director of threat analytics. The vulns were copious and severe, and all the big vendors seemed to suffer. And while every organization strives to keep their technology patched and updated, months like this remind us that it is impossible to be perfect.

We have to consider that the tools and tactics of our adversaries will evolve and change in parallel with ours, warns Oliver Tavakoli, CTO at cybersecurity firm Vectra Networks. “After several years spent trying to perfect predictive analytics, attackers will counter with feints and pattern randomization."

CRN named Vectra Networks to its prestigious list of 2016 Emerging Vendors. Vectra was singled out by CRN as a rising technology innovator who is reshaping the future of the IT channel. The CRN Emerging Vendors list is a valuable resource for solution providers looking to expand their portfolios with cutting-edge technology.

Cyber security basics: Four best practices for stopping the insider threat

July 20, 2016

Computer Business Review

Whether external and insider, detecting threats requires identifying when hosts behave in a way that exposes data or assets. “There is a need to track the flow of data within a network to proactively identify the acquisition, staging, and stealing of data, whether driven by an insider or outsider,” says Matt Walmsley, EMEA director at Vectra.

Microsoft rolls out a patch to fix a 20-year-old security flaw; but is it really effective?

July 15, 2016

University Herald News

The security flaw enabled malicious users to covertly install a hand-picked malware on computers that connect to fake printers or devices that pose as printers. Vectra Networks security experts found that the issue dwells in the Windows Print Spooler component that connects to available printers.

Windows warning: This 20-year-old glitch could leave you vulnerable to malware

July 14, 2016

Daily Express

Researchers at Vectra Networks have unearthed a 20-year-old flaw in Windows Print Spooler, used to oversee the printing process from Microsoft desktop and laptop machines, that leaves machines open to attackers. According to Vectra Networks, the Print Spooler does not check whether a printer's drivers are legitimate as you plug in the hardware.

“This research underscores the many possibilities that IoT devices, like printers, present to attackers,” said Vectra CSO Günter Ollmann. “Such devices are rarely assessed for security flaws, backdoors, or as watering hole threats, and represent a growing blind spot for both corporate and home networks.”

Whenever software is updated, security experts are usually pretty quick to spot flaws that could lead to malware infections, aided by various bug bounties and the like. Some potential flaws however slip through the net for days, weeks, months, years and - very rarely - decades. Vectra Networks has found one such flaw that dates back around 20 years.

Researchers at Vectra Networks have discovered a roughly 20-year-old flaw in Windows Print Spooler (which oversees the printing process) that lets attackers slip malware on to a PC. As the spooler doesn’t verify that a printer’s drivers are legitimate when you plug the hardware in, it’s possible for attackers to install maliciously-coded drivers thorough either the internet or the printer itself.

"Microsoft is pretty much between a rock and a hard place," Nicolas Beauchesne, senior security researcher with Vectra, says. "Printer vendors have yet to agree on a printing standard or in some cases, to even sign their drivers. Ensuring that every driver is signed would break older printers until their respective vendors deploy new drivers for all their models."

Vectra CSO Günter Ollmann explains that the unsupervised learning element comes from first baselining the network’s usual behavior. The system then monitors for any abnormal behavior on the network. It can be aided, he added, with "hints," or manually labeled events – but basically it works on its own.

Sanrio says the loophole that provided an attack entry method potentially allowing cyber criminals to bypass traditional security defences in order to enter and exploit internal systems with the appearance of a legitimate user, has been closed and data is now safe.

New technologies, such as machine learning, have evolved to help organizations improve their response to modern attacks. Although the financial industry has been using machine learning since the 1970s to detect fraudulent behavior, use of machine learning in the information security sector is a recent phenomenon.

Higher education is a key target for cyber attacks because of the open networks common on college and university campuses. Thousands of students and faculty wander on and off the network with their own devices, bringing viruses and malware to the wider community and creating nightmares for security teams.

A SANS Institute report, backed with findings from Vectra, explains how an automated threat detection system that combines behavioral analysis, data science and machine learning can help organizations meet Critical Security Control (CSC) mandates.

In 2016, what organisations need are tools that identify the activities of the attacker inside a network before a data breach occurs, with a focus on how to quickly intervene, minimise the time they are exposed and reduce the impact of cyberthreats.

Hernan Londono, associate CIO at Barry University in Miami, talks about embracing campus mobility and BYOD, and explains why a strong Advanced Persistent Threat (APT) defense is vital to protecting the university's network from mobile devices that it doesn't own or manage.

Automated network threat detection tools that use data science, machine learning and behavioral analysis work with perimeter security to help organizations meet security goals defined in the CIS Critical Security Controls recommendations and protect against attackers, according to a new report from the SANS Institute.

The core view of most of the experts we spoke to was that, while it is not clear if there is a higher number of CISOs now, these individuals are definitely gaining a stronger position within the business.

Despite being vulnerable to cyberattacks, many universities still have insufficient threat management defenses. Attackers can easily evade perimeter security defenses and spy, spread and steal for the better part of a year, undetected. In the process, they'll take vital research data, personal info and financial records from campus community members.

VTech hackers purportedly made off with millions of pieces of customer information and have now been revealed to have stolen photos and private chat histories, too. VTech sold an app called Kid Connect that lets parents use their smartphones to talk to their kids through their VTech devices.

What steps can be taken to detect and block exploits that take advantage of software vulnerabilities? And how can security teams better understand the behaviour of legitimate software components? Preventing the exploitation of software vulnerabilities is desirable but their detection is a must for organisations and their security teams.

Officials from Vectra Networks and Barry University in Miami discuss insufficient cyber attack defenses at many colleges, despite existing vulnerabilities. They also discuss new defense-in-depth models that quickly pinpoint and mitigate threats in progress and share security strategies that enable mobility as well as open and collaborative learning.

Ransomware is targeting enterprise networks with a vengeance. In addition to user hard drives, it's been increasingly successful at encrypting file-shares and network drives. Consequently, ransomware has evolved from a mere nuisance to a potentially debilitating attack that holds critical business assets and intellectual property hostage.

VTech, maker of electronic toys for kids, said that 5 million of its customer accounts were leaked in a data breach that accessed user names, birthdays and passwords but not their credit card or personally identifiable information. Company officials noted that the breach was mounted by an "unauthorized party."

However, the most dangerous threat to data, user and system security is not the known known, but rather the unknown unknowns – the threats that have yet to be captured in the wild and mapped. We don’t know if they exist, we don’t have visibility into what they do, and there’s no way signatures can catch them.

The oil and gas industry is caught in a slump, with prices going up and down and profits in decline. But it faces another major problem that's gotten less attention: Cyber attacks could threaten industry stability and worker safety.

Vectra helps organizations identify intruders that are already in their networks

November 16, 2015

infoTECH Spotlight

Most security solutions have one at-bat, yet attackers can typically survive undetected in a network for around 225 days, says Vectra’s Mike Banic. “Every network has likely been hacked, but they just don’t know it yet,” he says.

Vice president of marketing Mike Banic shares the company's latest developments and discusses its recent advancements in the real-time detection of in-progress cyber attacks that spread inside networks.

The capstone event of SINET is its yearly innovation showcase in Washington, D.C., the last of which was held Nov. 3-4. The showcase brought together innovative solutions from 16 firms, including Vectra, selected by a collective of seasoned judges.

Are cybersecurity and privacy mutually exclusive, or is it possible to have both? Oliver Tavakoli, CTO of Vectra Networks, offers a quick analysis of the commercial solutions available from well-known cybersecurity suppliers to provide valuable insight.

Cybersecurity students learn by hacking at RIT Collegiate Pentesting Competition

November 11, 2015

RIT University News

Rochester Institute of Technology is already planning its second Collegiate Pentesting Competition after the success of its first annual event held Nov. 7–8 in Rochester, N.Y. Teams from nine regional universities faced-off at RIT as they broke into computer networks, evaluated their weak points and presented plans to better secure them.

A new competition at Rochester Institute of Technology allows students to attack the problem of cyber security from a different perspective. Instead of defending themselves against attackers, as other cyber threat competitions do, these students create a full-fledged plan of attack and launch it against a network.

Cyber attackers are moving laterally inside networks and using hidden tunnels of encrypted traffic to get around. The encrypted traffic that protects data within modern applications – such as SharePoint, Exchange, Salesforce.com, and Google Apps – creates a blind spot that can be exploited by advanced threats and malware.

TalkTalk Telecom Group PLC said Friday it has received a ransom demand from someone claiming responsibility for a criminal hack of its website that could have resulted in the theft of data from its database.

Cyber threats to the oil and gas industry infrastructure are potentially more serious than the breaches where hackers capitalize on stolen personal, health care or financial information. Nation states and foreign businesses have motivations to carry out cyber attacks with potentially crippling global consequences.

EC3, NCA, FBI and a range of other bodies have targeted the Dridex banking malware, including using a sinkhole operation to sever communications between infected botnets and their controlling cyber-criminals.

Venky Ganesan, managing director at Menlo Ventures, writes, “I believe there will be significant winners…notably those that reduce false positives and prioritize workflows for better incident response and remediation. Among the early leaders are companies such as Exabeam, LightCyber, Securonix and Vectra Networks."

Updates released on Tuesday by Adobe for Flash Player, Reader and Acrobat address a significant number of vulnerabilities that expose the users of these products to hacker attacks. The work of experts from Vectra Networks has been acknowledged in finding and reporting vulnerabilities.

SINET, an organization focused on advancing cybersecurity innovation through public and private sector collaboration, today announced the winners of its annual SINET 16 Innovator competition, including Vectra Networks.

While consumer Wi-Fi products may seem like an odd choice for intensive threat research, Vectra Threat Labs found that vulnerabilities in consumer and Internet of Things gear can end up having a much larger impact on enterprise security than you might think.

Value-added distributor Cloud Distribution teams up with Vectra in the UK

September 29, 2015

Channel Pro

Distributor Cloud Distribution has reached an agreement with Vectra Networks to provide the vendor’s security products to the channel. Cloud Distribution says it will help grow the Silicon Valley firm’s presence in the UK and forge relationships with new partners to drive revenue growth.

Barry University has selected Vectra to protect its high-value data Relevant Products/Services as advanced persistent attacks (APTs) surge. Vectra’s automated threat management solution enables the university to detect cyber attacks as they are happening – automatically and in real time.

IT security is renowned for being in a state of constant evolution. New threats and attack strategies pop up constantly, and security vendors offer up shiny new products designed to keep the attackers at bay.

Vectra Networks has completed its initial European business expansion following 12 months of “accelerated sales growth.” Vectra has established a dedicated European presence, with a local headquarters based in Pfaffikon, Switzerland, a logistics hub in Amsterdam and a dedicated European leadership team.

The world of security is like a football game, says Steven J. Spano, president of the Center for Internet Security. “There’s a flow to a football game where the defense has the advantage for a while, but then the offense starts to counter and mitigate,” he says.

The industry approach to detecting threats is inherently reactive, ceding the firstmover advantage to the cyber criminals. Defenses – based on signatures, reputation lists and blacklists – are only designed to recognize threats that have been previously seen. This means someone needs to be the first victim, and everyone hopes it’s not them.

Data breaches are constantly in the news whether in the form of sensational attacks against the likes of Ashley Madison or potentially more serious and far-reaching attacks such as those against health insurer Anthem or the U.S. Office of Personnel Management.

Against the backdrop of the U.S. Office of Personnel Management breach, the 2015 edition of the Laboratory’s Cyber Defenders internship offers an especially compelling introduction to cybersecurity for students who may soon serve on the front lines of cyberdefense.

Hacker attacks often start with spear-phishing attempts used to obtain credentials or deliver malware. But healthcare entities can take steps to help prevent these scams from being successful, says Connie Barrera, CISO of Jackson Health System in Miami.

Security teams are overwhelmed with a massive amount of threat data. While a decade ago no one was talking about threat intelligence except government agencies, organizations are now bombarded with threat data leaving them challenged with identifying what is relevant.

If they haven't already, Internet Explorer users would do well to implement the security update provided by Microsoft last month, as among the fixed vulnerability is one that is currently being exploited via the popular commercial Angler exploit kit.

The Jscript9 memory corruption vulnerability (CVE-2015-2419) affecting Internet Explorer 11 was identified by Vectra Threat Labs while analyzing files leaked as a result of the data breach at Italian surveillance software maker Hacking Team. The flaw was identified from an email in which someone offered to sell the exploit to the Hacking Team.

In the wake of massive data breaches at the U.S. Office of Personnel Management, health insurer Anthem and retailer Target, an enterprise’s initial reaction might be to tighten the security around networks and data. However, you may be forgetting one critical component: The insider threat.

The industry approach to detecting threats is inherently reactive, ceding the first-mover advantage to the cyber criminals. Defenses – based on signatures, reputation lists and blacklists – are only designed to recognize threats that have been previously seen. This means someone needs to be the first victim, and everyone hopes it’s not them.

Vectra says it notified Microsoft about the flaw on July 9, then waited to release details of the flaw until a Windows fix had been released, just five days later. "They were able to work on this very quickly," says threat researcher Wade Williamson, director of product marketing at Vectra.

Vectra Networks discovered a security flaw in the latest version of Internet Explorer 11 on Windows 7 and Windows 8.1 devices through monitoring an online conversation between a security researcher and malware developer Hacker Team regarding the sale of information relating to the flaw.

Vectra Networks reported the vulnerability to Microsoft on July 9. Vectra said the flaw occurs within a custom heap in JSCRIPT9, meaning it may allow an attacker to bypass protections found in standard memory.

Microsoft has released 14 bulletins as part of its July 2015 security updates. One of the zero-day vulnerabilities is a Jscript9 memory corruption vulnerability (CVE-2015-2419) identified by researchers at Vectra. The flaw affects Internet Explorer 11 and it can be exploited to gain complete control of a vulnerable system.

Vectra Networks says metadata from 40 customer network it analyzed showed one or more indicators of a targeted (as opposed to opportunistic) attack in every company that bypassed any defence the organization threw up. Not only that, three per cent of the companies showed evidence of data theft.

Report: Every company is compromised, but most infections not yet at critical stage

July 1, 2015

CSO

In a recent analysis of a quarter-million endpoint devices in 40 enterprises, every single corporate network showed evidence of a targeted intrusion but most of the activity was not yet at the most-dangerous data exfiltration stage.

There's no use in wondering anymore when your organization will be victimized by a cyberattack, it has already happened, to everyone. That is the take of an article at CIO, which noted that virtually every company has by now been compromised.

A report from cyberdefense firm Vectra Networks found dramatic increases in lateral movements and reconnaissance are signs attackers are using targeted attacks to find ways past a company’s security perimeter.

In the wake of recent cyberattacks, including the high-profile breach of the U.S. Office of Personnel Management, a new report from Vectra Networks has found a massive surge in the number of targeted cyberattacks, calling into question whether organizations are prepared to meet this threat.

Malicious actors are increasingly using the anonymous Tor network and external remote access tools to instigate targeted attacks that are growing in sophistication and complexity, a Vectra Networks analysis of internal traffic has shown.

A new study from Vectra explains what happens after your cyber defenses have been breached. According to the second edition of its Post-Intrusion Report, there was non-linear growth in lateral movement (580%) and reconnaissance (270%) detections that outpaced the 97% increase in overall detections compared to last year.

Vectra VP of Marketing Mike Banic predicts data science and machine learning will become the focus of the fight on cyber-attacks, cyber security will get social, and new entrants will continue to disrupt the cyber security market.

Working in information security for the past 20 years, I have seen a lot. Though there have been many multi-million dollar impact breaches, the recent Sony Pictures hack and subsequent data exposure and extortion is probably the most impactful to a company out of the previous breaches this year.

Regardless of how well we secure our assets from outside parties, we ultimately need to give access to our employees, contractors and partners in order for them to do their jobs. Misuse of this privileged access, whether through data theft or damage, is an unfortunate, yet inherent risk of doing business for most organizations.

The Vectra X-series platform is designed to detect sophisticated threats by using a combination of security research, data science and machine learning. According to the company, the product is capable of detecting attacks on all operating systems, applications and devices regardless of the method and location of the initial delivery.

Vectra Networks has released its updated X-series platform, the first real-time detection solution designed to discover insider and targeted threats. The new platform promises to help organizations gain instant visibility into potential threats by leveraging a combination of dynamic community threat analysis and real-time detection of cyberattacks.

An epic ride: A look back at the ever-changing information security industry

December 8, 2014

SC Magazine

“We've gone from an environment where people were essentially stationary with fixed computing assets to one where everything is porous and people are mobile and applications and data and information are all in the cloud,” says Hitesh Sheth, president and CEO for Vectra Networks.

The systems of entertainment giant Sony have been hacked once again, and although the full extent of the breach is not yet known, the incident will likely be added to the list of most damaging cyberattacks.

Vectra Networks collected data over five months from more than 100,000 hosts within sample organizations to gain a deeper understanding of breaches that inevitably bypass perimeter defenses, and what attackers do once inside networks.

Highly organized, sophisticated and successful cyber attacks continue to assail organizations and while most are opportunistic, a higher than expected percentage are targeted, according to results from a recent study.

Got malware? More than likely you do, but don't panic: The bulk of infections can be traced to standard botnet activity like spamming and click-fraud rather than data theft, a new study of real-world breaches has found.

Some large U.S. retailers are refusing to use Apple Inc's new electronic payments service as they commit to developing a rival payments system that would bolster their profits by eliminating credit card transaction fees.

Mobile technology advances have brought about the once-unfathomable prospect that wireless security is at least on a par with traditional computing and networking systems – the very ones currently fending off an unprecedented wave of cyberattacks.

Explore the challenges, understand needs and evaluate mobile device management as an approach to detecting attacks. It can lead to a flexible, highly efficient solution that detects all phases of an active attack on mobile devices, regardless of device type, operating system or applications installed.

If you patched your Linux-based systems before 1:11 a.m. Eastern Daylight Time yesterday for the major Shellshock vulnerability in the Bash function, your work is not done here yet. New bugs have been reported in Bash, so it's probably time to patch again, security experts warn.

Vectra CEO Hitesh Sheth says that the recent Home Depot breach exposes a serious security weakness, noting that the company said hackers used unique, custom-built malware to compromise up to 56 million payment cards.

It's time for CIOs to start focusing on the next line of defense in the war against cyber crime: an emerging area called breach detection, which focuses on identifying long-tail intrusions after they happen and mitigating their damage, partly through the use of big-data technologies. Your company’s information security may depend on it.

Security experts say the only hope of protecting corporate networks from hackers is something the industry calls “defense in depth.” The phrase simply means that plugging in one traditional defense – antivirus software, or a firewall, is no longer going to cut it.

Cybercriminals' ability to attack is outpacing our ability to defend. We are fighting an asymmetric war. Resources are one challenge, but so are the defensive tactics. Organizations rely on security best practices and products that were developed to counter a different threat – long before the rise of mobility, the cloud and well-organized criminals.

Video: Bloomberg TV features Vectra in a discussion about security vulnerabilities in U.S. companies

August 19, 2014

Bloomberg TV

Vectra Networks CEO Hitesh Sheth and CrowdStrike CEO George Kurtz comment on the Chinese hackers that stole personal information from 4.5 million patients of Community Health Systems and discuss how vulnerable U.S. companies are to hackers. They speak with Pimm Fox on "Taking Stock."

Vectra Networks Inc., a San Jose startup whose software aims to protect corporate and government IT systems against cyberattacks, has raised $25 million in capital provided by Accel Partners, Khosla Ventures and Intel Capital.

Cybersecurity firms now recognize that cybercriminals are so good at penetrating corporate and government IT systems that they can no longer be entirely blocked. One of these firms, Vectra Networks, has raised another $25 million in funding to detect and prioritize attacks in real time so customers can decide which ones to fight first.

Ben DiPietro of the Wall Street Journal looks at recent surveys and reports dealing with risk and compliance issues, including the new BYOD and Mobility Report from Vectra and the Information Security Group on LinkedIn.

Despite the significant damage, including loss of company or client data and unauthorized access to data and systems that the use of privately owned devices without proper security can wreak, most organizations simply have not kept pace with the explosion in use of those personal devices in the workplace.

Security start-ups arise because they have fresh approaches to fighting malware and cyber-espionage or combatting the insider threat through network monitoring. In this round-up of some of the newer security firms, Distil Networks, Observable Networks and Vectra Networks fit into that category.

Most organizations would say protecting high-value information and complying with regulations is a priority, but in practice, few businesses have enough IT security staff and resources to ensure that policies are defined and upheld, systems are secured, and users are trained.

Last week, online retail giant eBay announced that it was hacked. Large organizations realize that they have to do more to protect themselves from cybercrime and are exploring ways to block threats and/or reduce the attack surface across their networks.

The Vectra X-series platform can detect attacks at every phase of a persistent attack, regardless of how the attack enters an organization’s network and the operating system, application or device being attacked.

As if there weren't a sufficient number of things to worry about related to the Heartbleed vulnerability disclosed earlier this month, you can now add this to the list: Many of the world's computers used to control and manage heavy industrial equipment may be vulnerable, too.

Some big-name former Washington officials are backing a new cybersecurity company that seeks to help less-well-heeled clients. Vectra uses an approach en vogue: Identifying hackers already in the system rather than trying to keep them out.